From: "Matt Kettler" <[EMAIL PROTECTED]>
> At 07:33 PM 5/10/2004, Pham, Tu wrote:
> >Does SA performance decrease when the whitelisting list becomes quite
large?
>
> Yes, but how big the list needs to be before you have problems is highly
> dependant on your network.
>
> Basically *everything* you add to sa decreases it's performance somewhat.
> In the case of whitelists, the speed of execution is pretty fast, but if
> you have a *LOT* of them the memory usage alone can crush you.
>
> >I'm currently running SA 2.63 on Red Hat 7.2. Tried to install Razor but
> >had problems with it because of our firewall but I am considering trying
> >it again.
>
> If you're having false positive problems, work those out _before_ you add
> razor. It's counterproductive to add optional features which increase
email
> scores when you're having major problems with false positives. Work on
> things that *decrease* the score, not things that increase it.
>
> As for the firewall, Razor needs to connect to tcp/7 and tcp/2703 on the
> razor servers. No inbound connections. Use a stateful firewall setup to
> allow the responses to those connections back in, or use the old
> "ack-bit-required" trick if you just have a plain packet filter. (ie:
treat
> it the same way you treat outbound client requests to port 80 for http.)
>From watching this list for awhile I've noted that automatic whitelisting
seems like a good idea that goes bad with just a little prodding. A series
of emails that are not caught as spam will whitelist an address leading to
missed spam. I refuse to run it due to this downside.
{o.o}
